Connect with us

Hi, what are you looking for?


Security Infrastructure

2018 Predictions: Customers Demand Outcomes to End Balkanization of Security Practices

“It’s much more pleasant to be obsessed over how the hero gets out his predicament than it is over how I get out of mine” – Woody Allen

“It’s much more pleasant to be obsessed over how the hero gets out his predicament than it is over how I get out of mine” – Woody Allen

Today, security is kind of an artisanal industry. With a total addressable market north of $85 billion per year – and not one player above 5 percent – it is a chaotic industry of niches: Endpoint, AV, Cloud, Network/Infrastructure, Application, Compliance, and the list goes on and on.

Paradoxically, while the overwhelming array of choices has given technologists a lot to evaluate, they have not gone far enough to lower the actual security risk facing organizations. And businesses are starting to take note. As organizations are taking closer looks at the ROI of their security solutions, they’re realizing that less is more

In 2018, organizations will start to focus more on outcomes than simply checking all of the boxes with niche security tools. As a result, security technology will need to prove how it supports top business initiatives. Here are the factors that organizations will be considering.

Organizations will start to focus on prevention as much as detection 

The myth of being able to detect every breach, insider threat or lateral movement has been punctured. Security teams are realizing they need to prepare themselves for “when” they will be breached, rather than “if.”  

In the 1970s, the psychologist Ernest Hilgard developed the idea of divided consciousness to reflect how humans can have a divided brain. We so want to stop threats from entering our environment that we can miss the opportunity to reduce the locus of damage attackers can do when they breach our information security defenses. In 2018, these two halves will come together to enable a more integrated and effective cyber posture that values prevention as much as detection.

Advertisement. Scroll to continue reading.

Back to basics for data center and cloud

Speaking of detection, the spate of ransomware attacks and their ability to spread within enterprises is causing security teams to evaluate whether their applications and infrastructure are enablers or defenders of their organizations. 

Four key focus areas security teams must focus on in their data centers include:

– Patching

– Authentication

– Vulnerabilities

– Micro-segmentation

Each technology in itself helps provide a more resilient and robust preventive posture. Together they are like a band of superheroes reducing the risk of fast moving threats.

Ending blind spots

There is an old, almost hackneyed adage in security that you “can’t protect what you can’t see.” Yet this has not stopped many organizations from effectively flying blind. Traditionally, it takes painful, manual work to create strong visibility of an organization’s computing assets. In 2018, this will change as organizations spend more time creating Application Dependency Maps (ADM) of their environments (i.e., the roadmap a hacker can use) and will turn to Cloud Access Security Brokers (CASB) to understand and create security policies for their increasing consumption of SaaS applications.

End customers will drive compliance as much as regulators

In the age of digital transformation, most businesses processes are connected to the Internet.  This not only means a company’s data is potentially exposed, it also means, a company’s customers are exposed. Larger enterprise customers today are increasingly inspecting how their vendors and partners protect their data, and therefore their customers’ data. Being able to demonstrate compliance will be a table stakes condition of doing business for security vendors.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Management & Strategy

Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco.

Security Infrastructure

Comcast jumps into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace.

Security Infrastructure

XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture


Identity and access governance vendor Saviynt has closed a $205 million financing round.

Cloud Security

The term ‘zero trust’ is now used so much and so widely that it has almost lost its meaning.

Identity & Access

The National Security Agency (NSA) has published a series of recommendations on how to properly configure IP Security (IPsec) Virtual Private Networks (VPNs).


Security orchestration, automation and response (SOAR) provider Swimlane on Monday announced the launch of a security automation solution ecosystem for operational technology (OT) environments.